subject:"Session management"

Session management

2003-07-22 Thread Jason Meredith


Chaps

I am sure this question has been asked before, if it has please point me in
the right direction (URL - example)

A user log's into a web site, once the user has been authenticated, a
session is created , there are many different actions that a user can
perform, and it is easy to check if a session exists or has expired within
each action. If the session times out, then a user is redirected back to
the login page. No problem.

What do I do for those pages that do not have actions, pages that have
global forwards for example (org.apache.struts.actions.ForwardAction),
things like legal pages, site maps, and so on? I don't want to create an
action just to display a simple JSP/HTML page, that's why I used a forward.

Regards

Jason Meredith



***
The e-mail and any attachments are confidential. They may contain
privileged information and are intended for the named addressee(s)
only. If you are not the intended recipient, please notify us
immediately and do not disclose, distribute, or retain this e-mail
or any part of it.

Unless expressly stated, opinions in this e-mail are those of the
individual sender and not of the FIMAT Group. We believe but do not
warrant that this e-mail and any attachments are virus free. 
You must therefore take full responsibility for virus checking. 
The FIMAT Group reserve the right to monitor e-mail communications
through its networks. 

Where this communication constitutes a financial promotion it is issued
and approved by Fimat International Banque S.A. (UK Branch) and is 
only intended for persons of a kind described in article 19(5) of the
Financial Services and Markets Act 2000 (Financial Promotion) Order
2001.  This information is not intended to be distributed to UK "Private
Customers" (as defined by the Financial Services Authority).

Fimat International Banque S.A. (UK Branch) whose registered branch
in England is at SG House, 41 Tower Hill, London EC3N 4SG is authorised
by the Commission Bancaire in France and by the UK Financial Services
Authority; regulated by the Financial Services Authority for the conduct of
UK Business and is entered in the Financial Services Authority's register
(Register Number 183415), access to which can be gained via the following
link: www.fsa.gov.uk/register/

Member and a SETS Participant of the London Stock Exchange ("LSE").
Where this communication is confirming an "on exchange" transaction
(as defined by the LSE),the transaction is subject to the rules of the LSE.
Any information, opinions, estimates and forecasts contained in this 
document have been arrived at or obtained from public sources believed
to be reliable and in good faith which has not been independently 
verified and no warranty, express or implied, is made as to their accuracy,
completeness or correctness.  

This document is not an offer to sell or a solicitation to acquire or dispose
of an interest in financial instruments. 

If you have received this transmission in error, please telephone
+44 020 7676 8999 immediately so that we can arrange for its return.
***


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Session Management

2003-01-10 Thread JONATHAN PHILIP HOLLOWAY

Hi everyone,

I'm wondering about the ways of managing sessions in Struts and wanted
to know out of these two ways which was the better way of doing things:

1. Storing things within the standard servlet session

2. Using a UserWrapper object and storing that within the session.

Is the second way more preformance intensive or not and which is best
practice?

Many thanks,
Jon Holloway.

*-*
 Jonathan Holloway,   
 Dept. Of Computer Science,   
 Aberystwyth University, 
 Ceredigion,  
 West Wales,  
 SY23 3DV.
  
 07968 902140 
 http://users.aber.ac.uk/jph8 
*-*

Session management

2004-02-24 Thread Parag

Experts,

We are planning to build an application, for which expected concurrent users
are ~100. Total usrs being 2000.

Does Struts provide any facilities to manage Sessions on such scale?

Some of the functionality is very data intensive, and would need transaction
management. What is the prefered way of doing so? Are there any facilities
in Struts

All your comments are highly appreciated.

Regards
Parag

*
Disclaimer

This message (including any attachments) contains 
confidential information intended for a specific 
individual and purpose, and is protected by law. 
If you are not the intended recipient, you should 
delete this message and are hereby notified that 
any disclosure, copying, or distribution of this
message, or the taking of any action based on it, 
is strictly prohibited.

*
Visit us at http://www.mahindrabt.com




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Session Management

2002-04-05 Thread Vikram Goyal01


Hi All,

Do Struts html tags handle session management when cookies are turned off? Do they 
resort to URL rewriting?

Do I need to do anything extra to make sure that session management works in case of 
cookies being turned off?

Rgs
Vikram

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: Session management

2003-07-22 Thread Navjot Singh

|What do I do for those pages that do not have actions, pages that have
|global forwards for example (org.apache.struts.actions.ForwardAction),
|things like legal pages, site maps, and so on? I don't want to create an
|action just to display a simple JSP/HTML page, that's why I used a forward.
|

these pages that do not have actions are surely not important enough
to be cared whether the user is logged in or not. or i am not able to
understand your requirement.

-navjot



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Session management

2003-07-22 Thread Max Cooper

Jason,

Authentication and session creation are mostly independent -- you can have a
user with a session that has not been authenticated. I think a user will
always have a session once they have been authenticated, however.

I am not sure I understand quite what you are asking, but you can certainly
have simple JSP/HTML pages that don't have an action in front of them. For
instance, if you had a /sitemap.jsp page, you can link to it directly or use
a global forward (preferably with redrect="true" so the displayed page
content matches the URL in the address bar) to access it. If that page
requires a session, that is no problem even if the user is not
authenticated. If the page has features (like a "Good Morning, joeuser"
greeting), you must be prepared for the possibility that the user won't be
authenticated yet, and request.getRemoteUser() will return null. If you use
a security-constraint to require that the user authenticate themselves
before seeing a given page, you can assume that request.getRemoteUser() will
return a username since the user must be authenticated to view the page in
the first place.

Hope that helps,
-Max

- Original Message - 
From: "Jason Meredith" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Sent: Tuesday, July 22, 2003 1:29 AM
Subject: Session management


>
> Chaps
>
> I am sure this question has been asked before, if it has please point me
in
> the right direction (URL - example)
>
> A user log's into a web site, once the user has been authenticated, a
> session is created , there are many different actions that a user can
> perform, and it is easy to check if a session exists or has expired within
> each action. If the session times out, then a user is redirected back to
> the login page. No problem.
>
> What do I do for those pages that do not have actions, pages that have
> global forwards for example (org.apache.struts.actions.ForwardAction),
> things like legal pages, site maps, and so on? I don't want to create an
> action just to display a simple JSP/HTML page, that's why I used a
forward.
>
> Regards
>
> Jason Meredith
>
>
>
> ***
> The e-mail and any attachments are confidential. They may contain
> privileged information and are intended for the named addressee(s)
> only. If you are not the intended recipient, please notify us
> immediately and do not disclose, distribute, or retain this e-mail
> or any part of it.
>
> Unless expressly stated, opinions in this e-mail are those of the
> individual sender and not of the FIMAT Group. We believe but do not
> warrant that this e-mail and any attachments are virus free.
> You must therefore take full responsibility for virus checking.
> The FIMAT Group reserve the right to monitor e-mail communications
> through its networks.
>
> Where this communication constitutes a financial promotion it is issued
> and approved by Fimat International Banque S.A. (UK Branch) and is
> only intended for persons of a kind described in article 19(5) of the
> Financial Services and Markets Act 2000 (Financial Promotion) Order
> 2001.  This information is not intended to be distributed to UK "Private
> Customers" (as defined by the Financial Services Authority).
>
> Fimat International Banque S.A. (UK Branch) whose registered branch
> in England is at SG House, 41 Tower Hill, London EC3N 4SG is authorised
> by the Commission Bancaire in France and by the UK Financial Services
> Authority; regulated by the Financial Services Authority for the conduct
of
> UK Business and is entered in the Financial Services Authority's register
> (Register Number 183415), access to which can be gained via the following
> link: www.fsa.gov.uk/register/
>
> Member and a SETS Participant of the London Stock Exchange ("LSE").
> Where this communication is confirming an "on exchange" transaction
> (as defined by the LSE),the transaction is subject to the rules of the
LSE.
> Any information, opinions, estimates and forecasts contained in this
> document have been arrived at or obtained from public sources believed
> to be reliable and in good faith which has not been independently
> verified and no warranty, express or implied, is made as to their
accuracy,
> completeness or correctness.
>
> This document is not an offer to sell or a solicitation to acquire or
dispose
> of an interest in financial instruments.
>
> If you have received this transmission in error, please telephone
> +44 020 7676 8999 immediately so that we can arrange for its return.
> ***
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Session management

2003-07-22 Thread Erik Price



Jason Meredith wrote:
Chaps

I am sure this question has been asked before, if it has please point me in
the right direction (URL - example)
A user log's into a web site, once the user has been authenticated, a
session is created , there are many different actions that a user can
perform, and it is easy to check if a session exists or has expired within
each action. If the session times out, then a user is redirected back to
the login page. No problem.
What do I do for those pages that do not have actions, pages that have
global forwards for example (org.apache.struts.actions.ForwardAction),
things like legal pages, site maps, and so on? I don't want to create an
action just to display a simple JSP/HTML page, that's why I used a forward.
Chappie,

If you use container-managed authentication, then you know what to do -- 
simply specify these other resources in your CMA mappings.  However, I'm 
guessing that you aren't using CMA in this case.

Best bet would be to migrate your authentication code (where you check 
for session validity) out of the Actions and into a 
javax.servlet.Filter, and then map this Filter to any resources which 
need to be protected.



Erik

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Session Management Question

2003-12-22 Thread Srinivas Kusunam


Hi,

  Generally how do we take care of Session in Struts frame work. What are the best 
practices in that?
   
  Is it a good way to make all the Form Beans as Session scope?? If there is any 
sample code please provide me the link.

Thanks,



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Session Management

2003-01-10 Thread Nelson, Laird

> -Original Message-
> From: JONATHAN PHILIP HOLLOWAY [mailto:[EMAIL PROTECTED]]
> 1. Storing things within the standard servlet session
> 
> 2. Using a UserWrapper object and storing that within the session.
> 
> Is the second way more preformance intensive or not and which is best
> practice?

I don't know about the performance implications, but the second way is
helpful if you need to delete whole chunks of the session atomically.

Laird

--
To unsubscribe, e-mail:   
For additional commands, e-mail:

Re: Session Management

2003-01-10 Thread David Graham

Either way is fine.  It's highly unlikely that choice 2 would have any 
noticable performance problems.

David






From: "JONATHAN PHILIP HOLLOWAY" <[EMAIL PROTECTED]>
Reply-To: "JONATHAN PHILIP HOLLOWAY" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Subject: Session Management
Date: Fri, 10 Jan 2003 16:10:26 -

Hi everyone,

I'm wondering about the ways of managing sessions in Struts and wanted
to know out of these two ways which was the better way of doing things:

1. Storing things within the standard servlet session

2. Using a UserWrapper object and storing that within the session.

Is the second way more preformance intensive or not and which is best
practice?

Many thanks,
Jon Holloway.

*-*
 Jonathan Holloway,
 Dept. Of Computer Science,
 Aberystwyth University,
 Ceredigion,
 West Wales,
 SY23 3DV.

 07968 902140
 http://users.aber.ac.uk/jph8
*-*



_
STOP MORE SPAM with the new MSN 8 and get 2 months FREE* 
http://join.msn.com/?page=features/junkmail


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Re: Session Management

2003-01-10 Thread Puneet Agarwal

Session Management is required to achieve persistence. there are two manner
in which persistence can be achieved.

1. storing the information in HTTP session (possibly in session scope)
2. Storing the information using stateful session beans.

You have to take the decision based on your application's performance
expectations.

The cleaner approach is to define the scope of form as "session" and storing
everything in formbeans, nowhere else.
some readonly information can be stored in application context also.

Well you may choose to store some information in stateful session beans and
some in formbeans (HTTP session) but I would not suggest to keep the scope
of formbeans as "request" unless the screen is totally stateless.

Regards
Puneet

- Original Message -
From: "JONATHAN PHILIP HOLLOWAY" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Sent: Friday, January 10, 2003 4:10 PM
Subject: Session Management


Hi everyone,

I'm wondering about the ways of managing sessions in Struts and wanted
to know out of these two ways which was the better way of doing things:

1. Storing things within the standard servlet session

2. Using a UserWrapper object and storing that within the session.

Is the second way more preformance intensive or not and which is best
practice?

Many thanks,
Jon Holloway.

*-*
 Jonathan Holloway,
 Dept. Of Computer Science,
 Aberystwyth University,
 Ceredigion,
 West Wales,
 SY23 3DV.

 07968 902140
 http://users.aber.ac.uk/jph8
*-*



--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Re: Session Management

2003-01-10 Thread Puneet Agarwal

Session Management is required to achieve persistence. there are two manner
in which persistence can be achieved.

1. storing the information in HTTP session (possibly in session scope)
2. Storing the information using stateful session beans.

You have to take the decision based on your application's performance
expectations.

The cleaner approach is to define the scope of form as "session" and storing
everything in formbeans, nowhere else.
some readonly information can be stored in application context also.

Well you may choose to store some information in stateful session beans and
some in formbeans (HTTP session) but I would not suggest to keep the scope
of formbeans as "request" unless the screen is totally stateless.

Regards
Puneet

- Original Message -
From: "JONATHAN PHILIP HOLLOWAY" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Sent: Friday, January 10, 2003 4:10 PM
Subject: Session Management


Hi everyone,

I'm wondering about the ways of managing sessions in Struts and wanted
to know out of these two ways which was the better way of doing things:

1. Storing things within the standard servlet session

2. Using a UserWrapper object and storing that within the session.

Is the second way more preformance intensive or not and which is best
practice?

Many thanks,
Jon Holloway.

*-*
 Jonathan Holloway,
 Dept. Of Computer Science,
 Aberystwyth University,
 Ceredigion,
 West Wales,
 SY23 3DV.

 07968 902140
 http://users.aber.ac.uk/jph8
*-*



--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Re: Session Management

2003-01-10 Thread Phil Steitz

Puneet Agarwal wrote:

Session Management is required to achieve persistence. there are two manner
in which persistence can be achieved.

1. storing the information in HTTP session (possibly in session scope)
2. Storing the information using stateful session beans.


You can also use hidden fields (basically client-side state management), 
or application-managed durable storage (e.g RDBMS).


You have to take the decision based on your application's performance
expectations.

The cleaner approach is to define the scope of form as "session" and storing
everything in formbeans, nowhere else.
some readonly information can be stored in application context also.

Well you may choose to store some information in stateful session beans and
some in formbeans (HTTP session) but I would not suggest to keep the scope
of formbeans as "request" unless the screen is totally stateless.


Or unless the application has to scale to very large volumes, in which 
case you want to be very careful about creating too many session-scoped 
objects.


Regards
Puneet

- Original Message -
From: "JONATHAN PHILIP HOLLOWAY" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Sent: Friday, January 10, 2003 4:10 PM
Subject: Session Management


Hi everyone,

I'm wondering about the ways of managing sessions in Struts and wanted
to know out of these two ways which was the better way of doing things:

1. Storing things within the standard servlet session

2. Using a UserWrapper object and storing that within the session.

Is the second way more preformance intensive or not and which is best
practice?

Many thanks,
Jon Holloway.

*-*
 Jonathan Holloway,
 Dept. Of Computer Science,
 Aberystwyth University,
 Ceredigion,
 West Wales,
 SY23 3DV.

 07968 902140
 http://users.aber.ac.uk/jph8
*-*



--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>






--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Re: Session Management

2003-01-13 Thread Puneet Agarwal

Re: Session ManagementAgree that hidden variables can be used to store some values, 
but this may lead to higher network trafic.
Yeah for large applications the session scope may become to big to be handled by 
memory.

So what is the workaround for such an application ?

We are currently in process of gathering the requirements of a BIG system.
At the same time we are deciding infrastructure related items.
What is the best practice in Large systems to handle the Session.

Regards
Puneet

- Original Message - 
  From: Phil Steitz 
  To: Struts Users Mailing List 
  Sent: Saturday, January 11, 2003 4:45 AM
  Subject: Re: Session Management


  Puneet Agarwal wrote:
  > Session Management is required to achieve persistence. there are two manner
  > in which persistence can be achieved.
  >
  > 1. storing the information in HTTP session (possibly in session scope)
  > 2. Storing the information using stateful session beans.

  You can also use hidden fields (basically client-side state management),
  or application-managed durable storage (e.g RDBMS).

  >
  > You have to take the decision based on your application's performance
  > expectations.
  >
  > The cleaner approach is to define the scope of form as "session" and storing
  > everything in formbeans, nowhere else.
  > some readonly information can be stored in application context also.
  >
  > Well you may choose to store some information in stateful session beans and
  > some in formbeans (HTTP session) but I would not suggest to keep the scope
  > of formbeans as "request" unless the screen is totally stateless.

  Or unless the application has to scale to very large volumes, in which
  case you want to be very careful about creating too many session-scoped
  objects.

  >
  > Regards
  > Puneet
  >
  > - Original Message -
  > From: "JONATHAN PHILIP HOLLOWAY" <[EMAIL PROTECTED]>
  > To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
  > Sent: Friday, January 10, 2003 4:10 PM
  > Subject: Session Management
  >
  >
  > Hi everyone,
  >
  > I'm wondering about the ways of managing sessions in Struts and wanted
  > to know out of these two ways which was the better way of doing things:
  >
  > 1. Storing things within the standard servlet session
  >
  > 2. Using a UserWrapper object and storing that within the session.
  >
  > Is the second way more preformance intensive or not and which is best
  > practice?
  >
  > Many thanks,
  > Jon Holloway.
  >
  > *-*
  >  Jonathan Holloway,
  >  Dept. Of Computer Science,
  >  Aberystwyth University,
  >  Ceredigion,
  >  West Wales,
  >  SY23 3DV.
  >
  >  07968 902140
  >  http://users.aber.ac.uk/jph8
  > *-*
  >
  >
  >
  > --
  > To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
  > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
  >




  --
  To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
  For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Re: Session Management

2003-01-13 Thread Charles Fineman

Phil gave you the work around:

You can also use hidden fields (basically client-side state
management),
or application-managed durable storage (e.g RDBMS).

You can play around with a "reaper" thread too but this could be perilous.
You need to build up a bit of a framework around this and it's not a
foolproof system. In effect you end up re-implementing the session timeout
logic but presumably using a much shorter timeout for the data.

The bottom line is that you cannot hang on to a lot of state in the
app-server if you plan to support a lot of concurrent users.

IMO, the best thing is to use the hidden field approach since you "pay as
you play".

The DB solution is a viable option but you have to deal with marshalling the
data then and it's a lot more expensive. Plus you need to deal with cleaning
up the data if the app-server the user was on craps out (and there wasn't a
clustered rollover to another server).

There are various caching techniques one could employ as well but that
depends on the type of information you are trying to hang on to.

- Original Message -
From: "Puneet Agarwal" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Sent: Monday, January 13, 2003 7:07 AM
Subject: Re: Session Management

Re: Session ManagementAgree that hidden variables can be used to store some
values, but this may lead to higher network trafic.
Yeah for large applications the session scope may become to big to be
handled by memory.

So what is the workaround for such an application ?

We are currently in process of gathering the requirements of a BIG system.
At the same time we are deciding infrastructure related items.
What is the best practice in Large systems to handle the Session.

Regards
Puneet

- Original Message -
  From: Phil Steitz
  To: Struts Users Mailing List
  Sent: Saturday, January 11, 2003 4:45 AM
  Subject: Re: Session Management

  Puneet Agarwal wrote:
  > Session Management is required to achieve persistence. there are two
manner
  > in which persistence can be achieved.
  >
  > 1. storing the information in HTTP session (possibly in session scope)
  > 2. Storing the information using stateful session beans.

  You can also use hidden fields (basically client-side state management),
  or application-managed durable storage (e.g RDBMS).

  >
  > You have to take the decision based on your application's performance
  > expectations.
  >
  > The cleaner approach is to define the scope of form as "session" and
storing
  > everything in formbeans, nowhere else.
  > some readonly information can be stored in application context also.
  >
  > Well you may choose to store some information in stateful session beans
and
  > some in formbeans (HTTP session) but I would not suggest to keep the
scope
  > of formbeans as "request" unless the screen is totally stateless.

  Or unless the application has to scale to very large volumes, in which
  case you want to be very careful about creating too many session-scoped
  objects.

  >
  > Regards
  > Puneet
  >
  > - Original Message -
  > From: "JONATHAN PHILIP HOLLOWAY" <[EMAIL PROTECTED]>
  > To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
  > Sent: Friday, January 10, 2003 4:10 PM
  > Subject: Session Management
  >
  >
  > Hi everyone,
  >
  > I'm wondering about the ways of managing sessions in Struts and wanted
  > to know out of these two ways which was the better way of doing things:
  >
  > 1. Storing things within the standard servlet session
  >
  > 2. Using a UserWrapper object and storing that within the session.
  >
  > Is the second way more preformance intensive or not and which is best
  > practice?
  >
  > Many thanks,
  > Jon Holloway.
  >
  > *-*
  >  Jonathan Holloway,
  >  Dept. Of Computer Science,
  >  Aberystwyth University,
  >  Ceredigion,
  >  West Wales,
  >  SY23 3DV.
  >
  >  07968 902140
  >  http://users.aber.ac.uk/jph8
  > *-*
  >
  >
  >
  > --
  > To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
  > For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>
  >

  --
  To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
  For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: Session management

2004-02-24 Thread Navjot Singh

struts has nothing to do with managing sessions. we should better 
talk about servlet containers that handles sessions.

btw, 100 sessions are nothing to worry about :-)

leave the txn mgmt to db layer. use any of the persistence frameworks
that can handles this for you.

>-Original Message-
>From: Parag [mailto:[EMAIL PROTECTED]
>Sent: Tuesday, February 24, 2004 2:44 PM
>To: Struts Users Mailing List
>Subject: Session management
>
>
>Experts,
>
>We are planning to build an application, for which expected 
>concurrent users
>are ~100. Total usrs being 2000.
>
>Does Struts provide any facilities to manage Sessions on such scale?
>
>Some of the functionality is very data intensive, and would need 
>transaction
>management. What is the prefered way of doing so? Are there any facilities
>in Struts
>
>All your comments are highly appreciated.
>
>Regards
>Parag
>
>*
>Disclaimer
>
>This message (including any attachments) contains 
>confidential information intended for a specific 
>individual and purpose, and is protected by law. 
>If you are not the intended recipient, you should 
>delete this message and are hereby notified that 
>any disclosure, copying, or distribution of this
>message, or the taking of any action based on it, 
>is strictly prohibited.
>
>*
>Visit us at http://www.mahindrabt.com
>
>
>
>
>-
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>
>

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Session management

2004-02-24 Thread Adam Hardy

For the sake of a clean design, restrict your transaction management to 
your model layer (in MVC). That means, like Navjot says, keep it clear 
of your struts action classes.

On 02/24/2004 10:19 AM Navjot Singh wrote:
struts has nothing to do with managing sessions. we should better 
talk about servlet containers that handles sessions.

btw, 100 sessions are nothing to worry about :-)

leave the txn mgmt to db layer. use any of the persistence frameworks
that can handles this for you.

-Original Message-
From: Parag [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 24, 2004 2:44 PM
To: Struts Users Mailing List
Subject: Session management
Experts,

We are planning to build an application, for which expected 
concurrent users
are ~100. Total usrs being 2000.

Does Struts provide any facilities to manage Sessions on such scale?

Some of the functionality is very data intensive, and would need 
transaction
management. What is the prefered way of doing so? Are there any facilities
in Struts

All your comments are highly appreciated.

Regards
Parag
*
Disclaimer
This message (including any attachments) contains 
confidential information intended for a specific 
individual and purpose, and is protected by law. 
If you are not the intended recipient, you should 
delete this message and are hereby notified that 
any disclosure, copying, or distribution of this
message, or the taking of any action based on it, 
is strictly prohibited.

*
Visit us at http://www.mahindrabt.com


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



--
struts 1.1 + tomcat 5.0.16 + java 1.4.2
Linux 2.4.20 Debian
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

session management problem

2002-10-12 Thread srinivas









 

we are developing a
intranet enterprise application, we are facing a typical problem in session
management , our application gets automatically sessioned
timed out even the logged in user has a valid session.

 

our environment
is

 

Linux Red hat 7.2

JBoss 3.0.3

Apache 1.3.20

tomcat 4.0.4

struts 1.0.2

 

we are creating a new
session when user credentials are passed and after some time he will be thrown
out of the system since he doesn’t have valid session. But
the user had valid session.

 

Any help in this is appreciable

 

Regards

Srinivas







**Disclaimer** 
   
 
 Information contained in this E-MAIL being proprietary to Wipro Limited is 
'privileged' 
and 'confidential' and intended for use only by the individual or entity to which it 
is 
addressed. You are notified that any use, copying or dissemination of the information 
contained in the E-MAIL in any manner whatsoever is strictly prohibited.








--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Session Management Methodology

2002-06-12 Thread Dennis Muhlestein


Using Struts 1.0.2

Some of my pages have ActionForms.
Some only have Action Classes that do something.

Some have nothing but an action mapping in the config xml file.

Most of my pages however require a user to be logged in.  
Before I used Struts, I put session management in a common servlet.
That can still work with struts, but the problem is, ActionForms
get called and instantiated before the request gets to the Servlet.

Is there a uniform place I could put session management that would apply
to the Action before the ActionForm was called.  I would like to have
the user redireced to the login page first instead of after the
ActionForm.  

Thanks
Dennis




--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Re: session management problem

2002-10-12 Thread Thomas Eichberger


Maybe stupid question, but what session-timeout do you have? May be the 
user just didn't do anything on the page for a period longer than the 
session timeout?

Thomas

At 17:25 12.10.2002 +0530, srinivas wrote:

>
>
>we are developing a intranet enterprise application, we are facing a 
>typical problem in session management , our application gets automatically 
>sessioned timed out even the logged in user has a valid session.
>
>
>
>our environment is
>
>
>
>Linux Red hat 7.2
>
>JBoss 3.0.3
>
>Apache 1.3.20
>
>tomcat 4.0.4
>
>struts 1.0.2
>
>
>
>we are creating a new session when user credentials are passed and after 
>some time he will be thrown out of the system since he doesn t have valid 
>session. But the user had valid session.
>
>
>
>Any help in this is appreciable
>
>
>
>Regards
>
>Srinivas
>
>--
>To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
>For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: session management problem

2002-10-12 Thread srinivas

Hi Thomas, 
The session timeout is 28,800 sec(8 hours), this value is part of
requirements.  Users are actively hitting the application. Our
application is under  testing and this was reported by our QA team, and
these people wont keep system idle.

Regards
Srinivas

-Original Message-
From: Thomas Eichberger [mailto:[EMAIL PROTECTED]] 
Sent: Saturday, October 12, 2002 6:44 PM
To: Struts Users Mailing List
Cc: [EMAIL PROTECTED]
Subject: Re: session management problem

Maybe stupid question, but what session-timeout do you have? May be the 
user just didn't do anything on the page for a period longer than the 
session timeout?

Thomas

At 17:25 12.10.2002 +0530, srinivas wrote:

>
>
>we are developing a intranet enterprise application, we are facing a 
>typical problem in session management , our application gets
automatically 
>sessioned timed out even the logged in user has a valid session.
>
>
>
>our environment is
>
>
>
>Linux Red hat 7.2
>
>JBoss 3.0.3
>
>Apache 1.3.20
>
>tomcat 4.0.4
>
>struts 1.0.2
>
>
>
>we are creating a new session when user credentials are passed and
after 
>some time he will be thrown out of the system since he doesn t have
valid 
>session. But the user had valid session.
>
>
>
>Any help in this is appreciable
>
>
>
>Regards
>
>Srinivas
>
>--
>To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
>For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>

**Disclaimer** 

 Information contained in this E-MAIL being proprietary to Wipro Limited is 
'privileged' 
and 'confidential' and intended for use only by the individual or entity to which it 
is 
addressed. You are notified that any use, copying or dissemination of the information 
contained in the E-MAIL in any manner whatsoever is strictly prohibited.

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Session management in Struts

2002-03-11 Thread Mark Glass


I'm developing a web application in Struts that requires a user to have a session 
before they can use the application. Currently anyone can bypass the logon and use the 
application. I would like the user to be required to login first. I am saving the user 
info to session when the user logs in and testing the session for this attribute 
before allowing them to use the functionality, however this does not work.

Can anyone point me to a paper or tutorial or example which will show me how to do 
this properly?

Thanks much in advance,
Mark

Session management with Struts

2001-05-09 Thread TJM Todd McGregor


I have a requirement that my application be able to allow multiple browser
windows, sharing the same HttpSession, to access two separate instances of a
business process simultaneously. For example, if I have a form that allows a
user to change their address information my application must allow them to
have two address forms open in separate browser windows using the same
HttpSession. To make a long story short, can Struts accommodate multiple
instances of an ActionForm in the same session? Any general comments on how
Struts does session management would also be welcome.

Thanks in advance for your response,

Todd McGregor

Re: Session Management Methodology

2002-06-12 Thread Adam Hardy


I extended the Action class to do that. I have one Action class that 
does that and so on, and all my other Action classes extend it.

Adam

Dennis Muhlestein wrote:

>Using Struts 1.0.2
>
>Some of my pages have ActionForms.
>Some only have Action Classes that do something.
>
>Some have nothing but an action mapping in the config xml file.
>
>Most of my pages however require a user to be logged in.  
>Before I used Struts, I put session management in a common servlet.
>That can still work with struts, but the problem is, ActionForms
>get called and instantiated before the request gets to the Servlet.
>
>Is there a uniform place I could put session management that would apply
>to the Action before the ActionForm was called.  I would like to have
>the user redireced to the login page first instead of after the
>ActionForm.  
>
>Thanks
>Dennis
>
>
>
>
>--
>To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
>For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
>
>
>  
>



--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: Session Management Methodology

2002-06-12 Thread Greg.Reddin


I think filters are the best way to handle redirection to a logon
screen, but that requires Servlet 2.3.  Otherwise you have to either
modify the ActionServlet to redirect before calling the Action or
ActionForm, or put code in the Action that checks for a valid login
before continuing.  I would much prefer to use filters over either of
these methods.

Greg

> -Original Message-
> From: Dennis Muhlestein [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, June 12, 2002 2:20 PM
> To: [EMAIL PROTECTED]
> Subject: Session Management Methodology
> 
> 
> Using Struts 1.0.2
> 
> Some of my pages have ActionForms.
> Some only have Action Classes that do something.
> 
> Some have nothing but an action mapping in the config xml file.
> 
> Most of my pages however require a user to be logged in.  
> Before I used Struts, I put session management in a common servlet.
> That can still work with struts, but the problem is, ActionForms
> get called and instantiated before the request gets to the Servlet.
> 
> Is there a uniform place I could put session management that 
> would apply
> to the Action before the ActionForm was called.  I would like to have
> the user redireced to the login page first instead of after the
> ActionForm.  
> 
> Thanks
> Dennis

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Re: Session Management Methodology

2002-06-12 Thread Adam Hardy


The standard wisdom is that you only do type-validation in the form and 
you do business validation later, i.e. make sure a date's a date and a 
number's a number. There's not exactly much overhead or drawback to 
doing that for everybody, whether they're logged in or not.

If you're worried about wasting user's time if you're just going to 
reject them anyway, make sure you save their request info when you 
forward them to the login page.

If you're really set on validating the user before validating the form 
content, you can access the request object in the validation method, so 
you can get the session and any stored login info to verify the user 
there. In that case you would probably want to subclass the ActionForm.

Adam

Dennis Muhlestein wrote:

>Thanks for the input.
>
>I thought of that.  But what if My ActionForm needs to know who is
>logged in before it can validate the data.  That's pushing it I know, I
>probably shouldn't validate that much data in a form.  I don't think I
>am... but what if?  
>
>Is there a standard way to intercept that or would I have to modify
>struts?
>
>Thanks
>Dennis
>
>
>On Wed, 2002-06-12 at 13:32, Adam Hardy wrote:
>  
>
>>I extended the Action class to do that. I have one Action class that 
>>does that and so on, and all my other Action classes extend it.
>>
>>Adam
>>
>>Dennis Muhlestein wrote:
>>
>>
>>
>>>Using Struts 1.0.2
>>>
>>>Some of my pages have ActionForms.
>>>Some only have Action Classes that do something.
>>>
>>>Some have nothing but an action mapping in the config xml file.
>>>
>>>Most of my pages however require a user to be logged in.  
>>>Before I used Struts, I put session management in a common servlet.
>>>That can still work with struts, but the problem is, ActionForms
>>>get called and instantiated before the request gets to the Servlet.
>>>
>>>Is there a uniform place I could put session management that would apply
>>>to the Action before the ActionForm was called.  I would like to have
>>>the user redireced to the login page first instead of after the
>>>ActionForm.  
>>>
>>>Thanks
>>>Dennis
>>>
>>>
>>>
>>>
>>>--
>>>To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
>>>For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
>>>
>>>
>>> 
>>>
>>>  
>>>
>>
>>--
>>To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
>>For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
>>
>>
>>
>
>
>
>--
>To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
>For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
>
>
>  
>



--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: Session Management Methodology

2002-06-12 Thread Trieu, Danny


I think a save way to achive this is to not Modify the ActionServlet,
instead introduce another front Severvlet that will do your session
management and have this servlet forward the request to the Struts'
ActionServlet to continue the work.  In another word this is like having a
filter, but since silter is not support in any other servlet api that come
before Servlet2.3.

> -Original Message-
> From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, June 12, 2002 12:38 PM
> To:   [EMAIL PROTECTED]
> Subject:  RE: Session Management Methodology
> 
> I think filters are the best way to handle redirection to a logon
> screen, but that requires Servlet 2.3.  Otherwise you have to either
> modify the ActionServlet to redirect before calling the Action or
> ActionForm, or put code in the Action that checks for a valid login
> before continuing.  I would much prefer to use filters over either of
> these methods.
> 
> Greg
> 
> > -Original Message-
> > From: Dennis Muhlestein [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, June 12, 2002 2:20 PM
> > To: [EMAIL PROTECTED]
> > Subject: Session Management Methodology
> > 
> > 
> > Using Struts 1.0.2
> > 
> > Some of my pages have ActionForms.
> > Some only have Action Classes that do something.
> > 
> > Some have nothing but an action mapping in the config xml file.
> > 
> > Most of my pages however require a user to be logged in.  
> > Before I used Struts, I put session management in a common servlet.
> > That can still work with struts, but the problem is, ActionForms
> > get called and instantiated before the request gets to the Servlet.
> > 
> > Is there a uniform place I could put session management that 
> > would apply
> > to the Action before the ActionForm was called.  I would like to have
> > the user redireced to the login page first instead of after the
> > ActionForm.  
> > 
> > Thanks
> > Dennis
> 
> --
> To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Re: Session Management Methodology

2002-06-12 Thread Dennis Muhlestein


Thanks for the input.

I thought of that.  But what if My ActionForm needs to know who is
logged in before it can validate the data.  That's pushing it I know, I
probably shouldn't validate that much data in a form.  I don't think I
am... but what if?  

Is there a standard way to intercept that or would I have to modify
struts?

Thanks
Dennis


On Wed, 2002-06-12 at 13:32, Adam Hardy wrote:
> I extended the Action class to do that. I have one Action class that 
> does that and so on, and all my other Action classes extend it.
> 
> Adam
> 
> Dennis Muhlestein wrote:
> 
> >Using Struts 1.0.2
> >
> >Some of my pages have ActionForms.
> >Some only have Action Classes that do something.
> >
> >Some have nothing but an action mapping in the config xml file.
> >
> >Most of my pages however require a user to be logged in.  
> >Before I used Struts, I put session management in a common servlet.
> >That can still work with struts, but the problem is, ActionForms
> >get called and instantiated before the request gets to the Servlet.
> >
> >Is there a uniform place I could put session management that would apply
> >to the Action before the ActionForm was called.  I would like to have
> >the user redireced to the login page first instead of after the
> >ActionForm.  
> >
> >Thanks
> >Dennis
> >
> >
> >
> >
> >--
> >To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
> >For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
> >
> >
> >  
> >
> 
> 
> 
> --
> To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
> 



--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Re: Session Management Methodology

2002-06-12 Thread Dennis Muhlestein


I created a filter as advised by Greg.  It works wonderfully.
You could protect requests for any resource with Filters.

See suns j2ee web tutorial for a filter example.

On Wed, 2002-06-12 at 13:19, Dennis Muhlestein wrote:
> Using Struts 1.0.2
> 
> Some of my pages have ActionForms.
> Some only have Action Classes that do something.
> 
> Some have nothing but an action mapping in the config xml file.
> 
> Most of my pages however require a user to be logged in.  
> Before I used Struts, I put session management in a common servlet.
> That can still work with struts, but the problem is, ActionForms
> get called and instantiated before the request gets to the Servlet.
> 
> Is there a uniform place I could put session management that would apply
> to the Action before the ActionForm was called.  I would like to have
> the user redireced to the login page first instead of after the
> ActionForm.  
> 
> Thanks
> Dennis
> 
> 
> 
> 
> --
> To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
> 



--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

[OT] Session Management using EJB

2003-07-10 Thread Nimish Chourey , Tidel Park - Chennai

Hi all ,
I want to know if there are  applications that implements Session
Management using EJB's  rather then using the HttpSession on Web tier .
I want to know the pros and cons of this approach . For all the R&D that I
have done , it seems that this approach could be used when you are deploying
your application in a clustered environment , where it is really a over head
to duplicate the sessions on all the servers in the cluster .
Still I am in dilemma , whether to follow this approach or not ??
This is really off topic , but I guess many of the developers here must have
come across this ..
Any sort of help , pointers is really appreciated .


Regards
Nimish

Session management for cached resources

2002-10-02 Thread James A. Hillyerd


Hi all,

The Husted.com Struts Catalog mentions a technique for providing session
management for cached resources (a Resource Cache):

"Most Web applications require use of a workflow, and need to save
ActionForms and other attributes for future use. These items may also
need to be released in a block when the workflow completes. A convenient
way to handle this is to define a "Resource Cache". This can simply be a
hash map that uses a wrapper object to manage its items. The wrapper
object can include a named "scope", a property to indicate whether the
item is permanent or temporary, and a counter. To keep the cache
manageable, a threshold can be set, and the oldest temporary items
removed when the threshold is reached and a new item needs to be added."

( from http://husted.com/struts/catalog.html )

I can't find any information in the archives or online about
implementing something like this.  It seems like it would be difficult
to integrate with struts. How would struts handle having it's form beans
nested within this "Resource Cache" object?

Thanks.

-james

-- 
[]  James A. Hillyerd <[EMAIL PROTECTED]> - Java Software Engineer
[]  PGP 1024D/D31BC40D F87B 7906 C0DA 32E8 B8F6 DE23 FBF6 4712 D31B C40D


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: Session management in Struts

2002-03-11 Thread Joseph Barefoot


I'm not sure about a paper or tutorial Mark, but we accomplish this by
sub-classing the struts Action class and peforming authentication there.
All Action classes in the system except the login Action use this class
(call it CustomAction) as their superclass.  All user information (id,
password, etc.) is maintained in a session-scope Form initialized by the
login Action class.
The "perform" method defined in CustomAction performs authentication before
calling an appropriate method (call it "performAction") that is defined in
the subclass of CustomAction.  This way, the code for user authentication is
in a centralized location and will be called anytime the Struts servlet
controller processes a request.

If all your requests go through Action classes, this should work for you.

hope this helps,
Joe


-Original Message-
From: Mark Glass [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 11, 2002 1:08 PM
To: Struts Users Mailing List
Subject: Session management in Struts


I'm developing a web application in Struts that requires a user to have a
session before they can use the application. Currently anyone can bypass the
logon and use the application. I would like the user to be required to login
first. I am saving the user info to session when the user logs in and
testing the session for this attribute before allowing them to use the
functionality, however this does not work.

Can anyone point me to a paper or tutorial or example which will show me how
to do this properly?

Thanks much in advance,
Mark


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Re: Session management in Struts

2002-03-11 Thread Rafe Colburn


 The example application that comes with Struts has a taglib that
provides this very functionality.  There's a tag that checks to make
sure that the user is properly stored in the session, and if they
aren't, it forwards them to the login page.

On Mon, Mar 11, 2002 at 04:07:39PM -0500, Mark Glass wrote:
> I'm developing a web application in Struts that requires a user to have a session 
>before they can use the application. Currently anyone can bypass the logon and use 
>the application. I would like the user to be required to login first. I am saving the 
>user info to session when the user logs in and testing the session for this attribute 
>before allowing them to use the functionality, however this does not work.
> 
> Can anyone point me to a paper or tutorial or example which will show me how to do 
>this properly?
> 
> Thanks much in advance,
> Mark

-- 
 Rafe Colburn 
 http://rc3.org

--
To unsubscribe, e-mail:   
For additional commands, e-mail:

Re: Session management in Struts

2002-03-11 Thread Ye Tian


Dear Mark:

Did you actually check if the session variables about username and pwd info were null 
or correct at the beginning of those pages? Plus, you need to clear up these session 
variables after the user log out.

Ye

Mark Glass wrote:

> I'm developing a web application in Struts that requires a user to have a session 
>before they can use the application. Currently anyone can bypass the logon and use 
>the application. I would like the user to be required to login first. I am saving the 
>user info to session when the user logs in and testing the session for this attribute 
>before allowing them to use the functionality, however this does not work.
>
> Can anyone point me to a paper or tutorial or example which will show me how to do 
>this properly?
>
> Thanks much in advance,
> Mark




--
To unsubscribe, e-mail:   
For additional commands, e-mail:

Re: Session management in Struts

2002-03-11 Thread Sean Willson


We accomplished this by writing an Authentication Filter that sits in front
of all requests to the servlet container. The problem with putting it in a
Struts Action and then subclassing that (which we did do at one time) is
that you can only then protect things going through Struts. Which in itself
isn't a problem IF that's the only framework you plan on using to route
eventing in your web application. If however you have other needs I
recommend looking into writing a filter.

You can do anything from creation of a session, setting session/request and
accessing application scoped variables from within the filter itself.

Sean

- Original Message -
From: "Mark Glass" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Sent: Monday, March 11, 2002 3:07 PM
Subject: Session management in Struts


I'm developing a web application in Struts that requires a user to have a
session before they can use the application. Currently anyone can bypass the
logon and use the application. I would like the user to be required to login
first. I am saving the user info to session when the user logs in and
testing the session for this attribute before allowing them to use the
functionality, however this does not work.

Can anyone point me to a paper or tutorial or example which will show me how
to do this properly?

Thanks much in advance,
Mark



--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: Session management in Struts

2002-03-11 Thread Joseph Barefoot


That sounds like a good idea to meso, this Authentication Filter is sort
of like a "servlet firewall"?

Hmmm...so you implement javax.servlet.Filter such that an unauthenticated
user is routed to a login page, and after login the assigned session ids are
then stored in the servlet context for subsequent authentications.  Then I
suppose you configure the filter (in the deployment descriptor) for the
Struts controller servlet and any other non-Struts servlets or resources you
may have and wish to enforce authentication on.

Neat.  Are there any "gotchas" for Struts other frameworks when using
Filters?

--joe

-Original Message-
From: Sean Willson [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 11, 2002 5:53 PM
To: Struts Users Mailing List
Subject: Re: Session management in Struts


We accomplished this by writing an Authentication Filter that sits in front
of all requests to the servlet container. The problem with putting it in a
Struts Action and then subclassing that (which we did do at one time) is
that you can only then protect things going through Struts. Which in itself
isn't a problem IF that's the only framework you plan on using to route
eventing in your web application. If however you have other needs I
recommend looking into writing a filter.

You can do anything from creation of a session, setting session/request and
accessing application scoped variables from within the filter itself.

Sean

- Original Message -
From: "Mark Glass" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Sent: Monday, March 11, 2002 3:07 PM
Subject: Session management in Struts


I'm developing a web application in Struts that requires a user to have a
session before they can use the application. Currently anyone can bypass the
logon and use the application. I would like the user to be required to login
first. I am saving the user info to session when the user logs in and
testing the session for this attribute before allowing them to use the
functionality, however this does not work.

Can anyone point me to a paper or tutorial or example which will show me how
to do this properly?

Thanks much in advance,
Mark



--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Re: Session management in Struts

2002-03-11 Thread Sean Willson


"Servlet Firewall", that's a pretty cool name. FirewallFilter.java has a
ring to it ;) ...

The only gotchas I have found are that the container you are running this in
has to support the Servlet 2.3 specification. This really has no effect on
Struts at all ... But there are a number of things you can do to make it
integrated into struts however.

One thing we did do was create a root Action class that all classes
subclass. The Authentication Filter's job was to check that someone is
authenticated and forward on to some login action/jsp in the event they
aren't authenticated. The other job is if they are authenticated to place
their authentication token in the request. We have an underlying
authentication system that needs this token to perform anything in any
business tier. Anyhow, the root action takes that token out of the request
and then calls a method called processRequest which is the same as perform
except it passes in the token as the first argument.

Anyhow, not sure I answered your question ... but anyhow, the only gotcha I
know of is the 2.3 Servlet thing. Let me know if you need any other info ...

Sean

- Original Message -
From: "Joseph Barefoot" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Sent: Monday, March 11, 2002 8:27 PM
Subject: RE: Session management in Struts


> That sounds like a good idea to meso, this Authentication Filter is
sort
> of like a "servlet firewall"?
>
> Hmmm...so you implement javax.servlet.Filter such that an unauthenticated
> user is routed to a login page, and after login the assigned session ids
are
> then stored in the servlet context for subsequent authentications.  Then I
> suppose you configure the filter (in the deployment descriptor) for the
> Struts controller servlet and any other non-Struts servlets or resources
you
> may have and wish to enforce authentication on.
>
> Neat.  Are there any "gotchas" for Struts other frameworks when using
> Filters?
>
> --joe
>
> -Original Message-
> From: Sean Willson [mailto:[EMAIL PROTECTED]]
> Sent: Monday, March 11, 2002 5:53 PM
> To: Struts Users Mailing List
> Subject: Re: Session management in Struts
>
>
> We accomplished this by writing an Authentication Filter that sits in
front
> of all requests to the servlet container. The problem with putting it in a
> Struts Action and then subclassing that (which we did do at one time) is
> that you can only then protect things going through Struts. Which in
itself
> isn't a problem IF that's the only framework you plan on using to route
> eventing in your web application. If however you have other needs I
> recommend looking into writing a filter.
>
> You can do anything from creation of a session, setting session/request
and
> accessing application scoped variables from within the filter itself.
>
> Sean
>
> - Original Message -
> From: "Mark Glass" <[EMAIL PROTECTED]>
> To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
> Sent: Monday, March 11, 2002 3:07 PM
> Subject: Session management in Struts
>
>
> I'm developing a web application in Struts that requires a user to have a
> session before they can use the application. Currently anyone can bypass
the
> logon and use the application. I would like the user to be required to
login
> first. I am saving the user info to session when the user logs in and
> testing the session for this attribute before allowing them to use the
> functionality, however this does not work.
>
> Can anyone point me to a paper or tutorial or example which will show me
how
> to do this properly?
>
> Thanks much in advance,
> Mark
>
>
>
> --
> To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
>
>
> --
> To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>
>
>


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Re: Session management in Struts

2002-03-12 Thread Dave Weis

On Mon, 11 Mar 2002, Mark Glass wrote:
> I'm developing a web application in Struts that requires a user to
> have a session before they can use the application. Currently anyone
> can bypass the logon and use the application. I would like the user to
> be required to login first. I am saving the user info to session when
> the user logs in and testing the session for this attribute before
> allowing them to use the functionality, however this does not work.

I'm using the servlet runner security for my stuff. It's a bit different
for Resin compared to Tomcat, but this is how to do it.

In your web.xml file, put something like this:

  /main/*
  /admin/*

Whenever you access a url that starts with main or admin, the servlet
container will make you authenticate. It's built in, so I would rather use
that than try to make my own. You can put links to things inside the
secured area and the login forms appear whenever they are needed. 

The file that contains the login form can also have a field called j_uri
to point you to a specific page after login, like a home section.

Username 

Password 

-- 
Dave Weis "I believe there are more instances of the abridgement
[EMAIL PROTECTED]   of the freedom of the people by gradual and silent
  encroachments of those in power than by violent 
  and sudden usurpations."- James Madison

--
To unsubscribe, e-mail:   
For additional commands, e-mail:

RE: Session management with Struts

2001-05-09 Thread Nanduri, Amarnath


Keep the ActionForms in 'request' scope. Then each page will have its own
ActionForm. The problme occurs when you want to store these forms in session
scope. 

cheers,
Amar..

-Original Message-
From: TJM Todd McGregor [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 09, 2001 4:49 PM
To: [EMAIL PROTECTED]
Subject: Session management with Struts


I have a requirement that my application be able to allow multiple browser
windows, sharing the same HttpSession, to access two separate instances of a
business process simultaneously. For example, if I have a form that allows a
user to change their address information my application must allow them to
have two address forms open in separate browser windows using the same
HttpSession. To make a long story short, can Struts accommodate multiple
instances of an ActionForm in the same session? Any general comments on how
Struts does session management would also be welcome.

Thanks in advance for your response,

Todd McGregor

RE: Session management with Struts

2001-05-09 Thread TJM Todd McGregor

But that's exactly my problem. I have forms that may span multiple pages and
the ActionForm needs to be available across multiple requests. Any ideas

-Original Message-
From: Nanduri, Amarnath [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 09, 2001 1:53 PM
To: '[EMAIL PROTECTED]'
Subject: RE: Session management with Struts

Keep the ActionForms in 'request' scope. Then each page will have its own
ActionForm. The problme occurs when you want to store these forms in session
scope. 

cheers,
Amar..

-Original Message-
From: TJM Todd McGregor [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 09, 2001 4:49 PM
To: [EMAIL PROTECTED]
Subject: Session management with Struts

I have a requirement that my application be able to allow multiple browser
windows, sharing the same HttpSession, to access two separate instances of a
business process simultaneously. For example, if I have a form that allows a
user to change their address information my application must allow them to
have two address forms open in separate browser windows using the same
HttpSession. To make a long story short, can Struts accommodate multiple
instances of an ActionForm in the same session? Any general comments on how
Struts does session management would also be welcome.

Thanks in advance for your response,

Todd McGregor

RE: Session management with Struts

2001-05-10 Thread Andrew Steady


Hi,

I think you want to start looking at the 'tokens' functionality that comes
with struts. We did something similar in my last non-struts project and it
worked very well.

Andy S




[EMAIL PROTECTED] on 09/05/2001 22:44:26

Please respond to [EMAIL PROTECTED]

To:   [EMAIL PROTECTED]
cc:(bcc: Andrew Steady/Swindon01/Domino01/Kinesis)
Subject:  RE: Session management with Struts




But that's exactly my problem. I have forms that may span multiple pages
and
the ActionForm needs to be available across multiple requests. Any
ideas
-Original Message-
From: Nanduri, Amarnath [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 09, 2001 1:53 PM
To: '[EMAIL PROTECTED]'
Subject: RE: Session management with Struts

Keep the ActionForms in 'request' scope. Then each page will have its own
ActionForm. The problme occurs when you want to store these forms in
session
scope.
cheers,
Amar..
-Original Message-
From: TJM Todd McGregor [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 09, 2001 4:49 PM
To: [EMAIL PROTECTED]
Subject: Session management with Struts

I have a requirement that my application be able to allow multiple browser
windows, sharing the same HttpSession, to access two separate instances of
a
business process simultaneously. For example, if I have a form that allows
a
user to change their address information my application must allow them to
have two address forms open in separate browser windows using the same
HttpSession. To make a long story short, can Struts accommodate multiple
instances of an ActionForm in the same session? Any general comments on how
Struts does session management would also be welcome.
Thanks in advance for your response,
Todd McGregor







The information transmitted is intended only for the person or entity to which it is 
addressed and may contain confidential and/or privileged material.  Any review, 
retransmission, dissemination or other use of, or taking of any action in reliance 
upon, this information by persons or entities other than the intended recipient is 
prohibited.   If you received this in error, please contact the sender and delete the 
material from any computer.

PricewaterhouseCoopers Kinesis Ltd

RE: Session management with Struts

2001-05-10 Thread Nanduri, Amarnath


In that case i would advise you to maintain a Hashmap/Hashtable of form
objects wrapped inside an Global Action form (session scope). Every time a
user opens a new browser window, i am sure that a unique id can be generated
for the new window ( i have seen a posting on this list a month back where
somebody has explained that using javascript we can generate a unique id for
every new web browser that was opened by the user). Store this id in a
hidden name=value pair. Check the mail archives as to how to do this.
Over-ride your ActionServlet service() method where you initially check the
id of the browser window. (btw the form objects wrapped inside the
GlobalActionForm object will be mapped to these id's.) . When the
corresponding form object is found, then you populate the data in that form
object. If no form object is found, then create a new form object and
populate the data in that form object (using reflection). Struts has
libraries to do this. This is a complicated way of doing it, but the best
that could pop out of my brain this time...(morning blues. I could use some
caffeine). 


cheers,
Amar..

-Original Message-
From: TJM Todd McGregor [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 09, 2001 5:44 PM
To: '[EMAIL PROTECTED]'
Subject: RE: Session management with Struts


But that's exactly my problem. I have forms that may span multiple pages and
the ActionForm needs to be available across multiple requests. Any ideas

-Original Message-
From: Nanduri, Amarnath [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 09, 2001 1:53 PM
To: '[EMAIL PROTECTED]'
Subject: RE: Session management with Struts


Keep the ActionForms in 'request' scope. Then each page will have its own
ActionForm. The problme occurs when you want to store these forms in session
scope. 

cheers,
Amar..

-Original Message-
From: TJM Todd McGregor [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 09, 2001 4:49 PM
To: [EMAIL PROTECTED]
Subject: Session management with Struts


I have a requirement that my application be able to allow multiple browser
windows, sharing the same HttpSession, to access two separate instances of a
business process simultaneously. For example, if I have a form that allows a
user to change their address information my application must allow them to
have two address forms open in separate browser windows using the same
HttpSession. To make a long story short, can Struts accommodate multiple
instances of an ActionForm in the same session? Any general comments on how
Struts does session management would also be welcome.

Thanks in advance for your response,

Todd McGregor

Re: Session management with Struts

2001-05-10 Thread Peter Alfors




"Nanduri, Amarnath" wrote:


>  i have seen a posting on this list a month back where
> somebody has explained that using javascript we can generate a unique id for
> every new web browser that was opened by the user

search the archives for:  "The Joy of File"

Pete


begin:vcard 
n:;
x-mozilla-html:FALSE
org:http://www.irista.com/logo/irista.gif";>Bringing Vision to Your Supply Chain
adr:;;
version:2.1
end:vcard

Overview of session management please

2002-05-07 Thread jfc100


Hi,

Can someone please give a brief overview of session management in struts 
and tomcat.

Just from a developers standpoint, what does tomcat do for you, what 
does struts do ontop of that (if anything) and what is required of the 
developer in order to manage sessions within the webapp?

I can see that there is some form of session management going on without 
me having to do anything explicitly in my servlet.

Thanks
Joe


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Re: [OT] Session Management using EJB

2003-07-10 Thread Erik Price



Nimish Chourey , Tidel Park - Chennai wrote:
Hi all ,
I want to know if there are  applications that implements Session
Management using EJB's  rather then using the HttpSession on Web tier .
I want to know the pros and cons of this approach . For all the R&D that I
have done , it seems that this approach could be used when you are deploying
your application in a clustered environment , where it is really a over head
to duplicate the sessions on all the servers in the cluster .
Still I am in dilemma , whether to follow this approach or not ??
This is really off topic , but I guess many of the developers here must have
come across this ..
Any sort of help , pointers is really appreciated .
Nimish,

I may be completely wrong about this, but here are my thoughts...

As I'm sure you are aware, the purpose of the "session" in web 
applications is to maintain state between stateless HTTP requests. 
Thus, there is an HttpSession object available at the web tier (since 
presumably in 99.9% of situations, any HTTP requests will be handled at 
the web tier).

In web applications that are not browser based (specifically, rich 
clients and applets), there is not the same need to persist state using 
a "session" object, because the state can be maintained in the client.

Beyond the web tier, in the EJB tier, I don't think that there is a need 
to persist state beyond what session beans already offer.  In other 
words, you can use a stateful session bean to perform a complicated 
action (or a stateless session bean for a simple action).  But once the 
action is complete, you don't want the bean hanging around, it should be 
returned to the pool quickly to service the needs of other clients.  The 
HttpSession is a comparatively lightweight object that you can use for 
persisting simple state information.

I think that what you are really looking for is clustering for 
HttpSession objects, so that in a clustered environment, the HttpSession 
is replicated transparently.  You can try to roll your own, but this is 
really an infrastructural area that is the responsibility of the 
container provider.  Therefore, you should turn to your application 
server for this feature.  (And I thought I heard that Tomcat is planning 
to have something like this in 5.0)

Erik

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [OT] Session Management using EJB

2003-07-10 Thread Joe Zendle

IMHO, it is always best to keep state out of EJB's when at all possible
for performance and scalability reasons.

-Original Message-
From: Erik Price [mailto:[EMAIL PROTECTED] 
Sent: Thursday, July 10, 2003 9:39 AM
To: Struts Users Mailing List
Subject: Re: [OT] Session Management using EJB

Nimish Chourey , Tidel Park - Chennai wrote:
> Hi all ,
>   I want to know if there are  applications that implements
Session
> Management using EJB's  rather then using the HttpSession on Web tier
.
> I want to know the pros and cons of this approach . For all the R&D
that I
> have done , it seems that this approach could be used when you are
deploying
> your application in a clustered environment , where it is really a
over head
> to duplicate the sessions on all the servers in the cluster .
> Still I am in dilemma , whether to follow this approach or not ??
> This is really off topic , but I guess many of the developers here
must have
> come across this ..
> Any sort of help , pointers is really appreciated .

Nimish,

I may be completely wrong about this, but here are my thoughts...

As I'm sure you are aware, the purpose of the "session" in web 
applications is to maintain state between stateless HTTP requests. 
Thus, there is an HttpSession object available at the web tier (since 
presumably in 99.9% of situations, any HTTP requests will be handled at 
the web tier).

In web applications that are not browser based (specifically, rich 
clients and applets), there is not the same need to persist state using 
a "session" object, because the state can be maintained in the client.

Beyond the web tier, in the EJB tier, I don't think that there is a need

to persist state beyond what session beans already offer.  In other 
words, you can use a stateful session bean to perform a complicated 
action (or a stateless session bean for a simple action).  But once the 
action is complete, you don't want the bean hanging around, it should be

returned to the pool quickly to service the needs of other clients.  The

HttpSession is a comparatively lightweight object that you can use for 
persisting simple state information.

I think that what you are really looking for is clustering for 
HttpSession objects, so that in a clustered environment, the HttpSession

is replicated transparently.  You can try to roll your own, but this is 
really an infrastructural area that is the responsibility of the 
container provider.  Therefore, you should turn to your application 
server for this feature.  (And I thought I heard that Tomcat is planning

to have something like this in 5.0)

Erik

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [OT] Session Management using EJB

2003-07-10 Thread Nimish Chourey , Tidel Park - Chennai

Thanks Eric , for your feedback . 
I am aware of the fact that container takes care of duplicating the Session
across the cluster . 
But then if I have 10 servers , it would be an big overhead as the server
has to make 10 copies of Session object.
If I maintain the user state on the App Server level (EJB) . I could manage
to bring down this overhead .
But then I need to roll out my own session implementation (which at Web Tier
,Servlet/JSP container already implemnts).
I am also aware of the fact that then my getAttribute() , setAttribute()
calls would be network calls , and hence expensive

So this I m doing just to make sure that overhead of session object
replication is not there.

Now my question is .. do you feel I have some point here ??? 
or you feel that  its more coding for less gain ?? 

-Original Message-
From: Erik Price [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 10, 2003 9:09 PM
To: Struts Users Mailing List
Subject: Re: [OT] Session Management using EJB

Nimish Chourey , Tidel Park - Chennai wrote:
> Hi all ,
>   I want to know if there are  applications that implements Session
> Management using EJB's  rather then using the HttpSession on Web tier .
> I want to know the pros and cons of this approach . For all the R&D that I
> have done , it seems that this approach could be used when you are
deploying
> your application in a clustered environment , where it is really a over
head
> to duplicate the sessions on all the servers in the cluster .
> Still I am in dilemma , whether to follow this approach or not ??
> This is really off topic , but I guess many of the developers here must
have
> come across this ..
> Any sort of help , pointers is really appreciated .

Nimish,

I may be completely wrong about this, but here are my thoughts...

As I'm sure you are aware, the purpose of the "session" in web 
applications is to maintain state between stateless HTTP requests. 
Thus, there is an HttpSession object available at the web tier (since 
presumably in 99.9% of situations, any HTTP requests will be handled at 
the web tier).

In web applications that are not browser based (specifically, rich 
clients and applets), there is not the same need to persist state using 
a "session" object, because the state can be maintained in the client.

Beyond the web tier, in the EJB tier, I don't think that there is a need 
to persist state beyond what session beans already offer.  In other 
words, you can use a stateful session bean to perform a complicated 
action (or a stateless session bean for a simple action).  But once the 
action is complete, you don't want the bean hanging around, it should be 
returned to the pool quickly to service the needs of other clients.  The 
HttpSession is a comparatively lightweight object that you can use for 
persisting simple state information.

I think that what you are really looking for is clustering for 
HttpSession objects, so that in a clustered environment, the HttpSession 
is replicated transparently.  You can try to roll your own, but this is 
really an infrastructural area that is the responsibility of the 
container provider.  Therefore, you should turn to your application 
server for this feature.  (And I thought I heard that Tomcat is planning 
to have something like this in 5.0)

Erik

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [OT] Session Management using EJB

2003-07-10 Thread Craig R. McClanahan

On Thu, 10 Jul 2003, Nimish Chourey , Tidel Park - Chennai wrote:

> Date: Thu, 10 Jul 2003 14:28:16 +0530
> From: "Nimish Chourey , Tidel Park - Chennai" <[EMAIL PROTECTED]>
> Reply-To: Struts Users Mailing List <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: [OT] Session Management using EJB
>
> Hi all ,
>   I want to know if there are  applications that implements Session
> Management using EJB's  rather then using the HttpSession on Web tier .
> I want to know the pros and cons of this approach . For all the R&D that I
> have done , it seems that this approach could be used when you are deploying
> your application in a clustered environment , where it is really a over head
> to duplicate the sessions on all the servers in the cluster .

I would imagine that app servers have ways to configure whether sessions
are duplicated on *all* other servers or not, depending on the level of
redundancy you need to support failover and/or load balancing.

> Still I am in dilemma , whether to follow this approach or not ??
> This is really off topic , but I guess many of the developers here must have
> come across this ..
> Any sort of help , pointers is really appreciated .
>

I presume you're talking about maintaining state across HTTP requests,
right?  That's the only reason you'd use an HttpSession.  The
corresponding EJB mechanism would be a stateful session bean (SSB).  A few
things to think about:

* You're still going to need an HttpSession anyway, in order
  to save a reference to the SSB across requests.

* The SSB will typically live in the EJB server
  somewhere, but quite likely to be remote.  Therefore, each call
  to a method on the SSB are likely to be network accesses, not
  local method calls.

* Does the server make more than one copy of the SSB, for the
  same reasons that it replicates HttpSession instances?  If so,
  then your reasons for doing this seem to be invalidated.

In general, I'd still stick with HttpSession for state information that is
strictly related to the web tier (for example, a form bean that contained
all the fields for a multi-page wizard), and use EJBs for stuff that
relates to the business logic and persistence tier.

>
> Regards
> Nimish
>

Craig

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [OT] Session Management using EJB

2003-07-10 Thread Dennis Muhlestein

Thanks Eric , for your feedback .
I am aware of the fact that container takes care of duplicating the Session
across the cluster .
But then if I have 10 servers , it would be an big overhead as the server
has to make 10 copies of Session object.
Typically, although I could be miles from the truth, If you have more than a few servers to cluster, you would have multiple clusters. I've heard that for best performance, you should have clusters of no more than 3 or 4 servers.

To have more than one cluster, you need to have a load balancer capable of handling sticky sessions though. ie: once you get a session from a server in a cluster (cluster A), the lb always knows to send your http requests back to cluster A.

For 10 servers, you might have two clusters of 3 and one cluster of 4.

If I maintain the user state on the App Server level (EJB) . I could manage
to bring down this overhead .
Would it really be any less overhead?

But then I need to roll out my own session implementation (which at Web Tier
,Servlet/JSP container already implemnts).
I am also aware of the fact that then my getAttribute() , setAttribute()
calls would be network calls , and hence expensive

So this I m doing just to make sure that overhead of session object
replication is not there.

Now my question is .. do you feel I have some point here ???
or you feel that its more coding for less gain ??

If you have enough traffic to actually need 10 servers in your pool, and you are generating revenue with those servers, you could probably use some of it to by a load balance with sticky session capability. If not, I'd stick with http session management at the web tier and only cluster 3 or 4 of the servers.

Just my thoughts on a complex topic :-)
-Dennis

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Session management for cached resources

2002-10-02 Thread Andrew Hill


Im doing something rather like this, only I called it an "OperationContext"
which comprises a hashtable of attributes and an id to store it under in the
session (passed in the request). I simply overrode the RequestProcessor so
it knew to look for an actionform in the OperationContext first if the form
scope is session.
Works quite nicely.

-Original Message-
From: James A. Hillyerd [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 03, 2002 03:52
To: Struts Users Mailing List
Subject: Session management for cached resources


Hi all,

The Husted.com Struts Catalog mentions a technique for providing session
management for cached resources (a Resource Cache):

"Most Web applications require use of a workflow, and need to save
ActionForms and other attributes for future use. These items may also
need to be released in a block when the workflow completes. A convenient
way to handle this is to define a "Resource Cache". This can simply be a
hash map that uses a wrapper object to manage its items. The wrapper
object can include a named "scope", a property to indicate whether the
item is permanent or temporary, and a counter. To keep the cache
manageable, a threshold can be set, and the oldest temporary items
removed when the threshold is reached and a new item needs to be added."

( from http://husted.com/struts/catalog.html )

I can't find any information in the archives or online about
implementing something like this.  It seems like it would be difficult
to integrate with struts. How would struts handle having it's form beans
nested within this "Resource Cache" object?

Thanks.

-james

--
[]  James A. Hillyerd <[EMAIL PROTECTED]> - Java Software Engineer
[]  PGP 1024D/D31BC40D F87B 7906 C0DA 32E8 B8F6 DE23 FBF6 4712 D31B C40D


--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: Session management for cached resources

2002-10-04 Thread James A. Hillyerd

On Wed, 2002-10-02 at 19:14, Andrew Hill wrote:
> Im doing something rather like this, only I called it an "OperationContext"
> which comprises a hashtable of attributes and an id to store it under in the
> session (passed in the request). I simply overrode the RequestProcessor so
> it knew to look for an actionform in the OperationContext first if the form
> scope is session.
> Works quite nicely.

That sounds pretty close to what I want to do.  Which version of Struts
are you running?  I'm still on 1.0 right now.

Something else I was considering was to use a naming convention like
"context.name", and then have a utility method that would iterate
through the session and remove "mymodule.*".  Not quite as elegant as
your solution though. =)

-james

-- 
[]  James A. Hillyerd <[EMAIL PROTECTED]> - Java Software Engineer
[]  PGP 1024D/D31BC40D F87B 7906 C0DA 32E8 B8F6 DE23 FBF6 4712 D31B C40D

--
To unsubscribe, e-mail:   
For additional commands, e-mail:

RE: Session management for cached resources

2002-10-06 Thread Andrew Hill

Im running 1.1, so in your case, running 1.0 you would need to make changes
in the ActionServlet, as afaik the RequestProcessor is a 1.1 thing.

-Original Message-
From: James A. Hillyerd [mailto:[EMAIL PROTECTED]]
Sent: Saturday, October 05, 2002 01:21
To: [EMAIL PROTECTED]
Cc: Struts Users Mailing List
Subject: RE: Session management for cached resources

On Wed, 2002-10-02 at 19:14, Andrew Hill wrote:
> Im doing something rather like this, only I called it an
"OperationContext"
> which comprises a hashtable of attributes and an id to store it under in
the
> session (passed in the request). I simply overrode the RequestProcessor so
> it knew to look for an actionform in the OperationContext first if the
form
> scope is session.
> Works quite nicely.

That sounds pretty close to what I want to do.  Which version of Struts
are you running?  I'm still on 1.0 right now.

Something else I was considering was to use a naming convention like
"context.name", and then have a utility method that would iterate
through the session and remove "mymodule.*".  Not quite as elegant as
your solution though. =)

-james

--
[]  James A. Hillyerd <[EMAIL PROTECTED]> - Java Software Engineer
[]  PGP 1024D/D31BC40D F87B 7906 C0DA 32E8 B8F6 DE23 FBF6 4712 D31B C40D

--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Architecture Questions - Session Management and Validation

2002-03-13 Thread @Basebeans.com

Subject: Architecture Questions - Session Management and Validation
From: "Arthur Frankel" <[EMAIL PROTECTED]>
 ===
I am new to Struts and have the following questions that I have been unable
to answer from FAQs and documentation:

1) Session Management - I want to limit the information stored in your
session between pages.  I am planning on using request.setAttribute for
information I just need to display in the JSP and session.setAttribute for
items I need across multiple pages.  Is there any mechanism in Struts (i.e.,
XML based) that can remove items from the session based on properties of a
page.  For example, in moving across a 5 page creation "wizard" I would like
to remove the items from the session after the "save".  There doesn't seem
to be a way in Struts to set the XML in such a way to "automatically" do
this.  It seems that I would need to add code specifically to my Action.  Is
this correct? Am I missing something?

2) Validation - I am using the struts validator -
http://home.earthlink.net/~dwinterfeldt/ and find that it doesn't support
errors vs. warnings vs. informational text.  Is there something that I'm
missing here?

Thanks in advance
Arthur Frankel
[EMAIL PROTECTED]

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Problem with session management using Struts 1.0

2003-06-11 Thread Gilbert Tan

Hi,
 
I am new to Struts framework.
I am encountering the following problem with the session management.
Whenever my Action starts, I will check for the existence of a session
object using the following code:
HttpSession session = request.getSession(false);
If the session object is null, I will redirect the user to the login
page.
But the code is not working as expected. The session object that is
returned is always not null.
I am tried the same code using a normal servlet and it works as
expected.
Does anybody knows why?
Thanks.
 
 
Gilbert Tan

Security Software Engineer

 

DID: 65 - 6887 7540

 

RadianTrust Pte Ltd 

31 Science Park Road, The Crimson, Level 1, Singapore 117611

Main Tel: 65 - 6887 7999  

Main Fax: 65 - 6887 7800

Visit us at www.radiantrust.com <http://www.radiantrust.com/> 

 

NOTICE
This eMail and any attachments are intended solely for the named
addressee(s) only. It contains confidential and/or privileged
information which should not be copied or disclosed without the consent
of the CrimsonLogic group.  If you are not the intended recipient or if
you have received this eMail in error, you must not copy, distribute,
disclose or take any action in reliance on it (or any part of its
contents).  In such case, you should inform the CrimsonLogic group
immediately by eMail or telephone +65 68877888 (reverse charges if
necessary) and delete this eMail and any attachments from your system.

 

The integrity and security of Internet communications and in particular
this eMail and any attachments cannot be guaranteed.  The CrimsonLogic
group accepts no liability whatsoever in connection therewith.  You are
strongly advised to carry out all necessary virus checks and that you
open this eMail and any attachments at your own risk.

Re: Architecture Questions - Session Management and Validation

2002-03-16 Thread keithBacon


you've missed nothing - just asking a lot!
IMO (I'm not a struts developer - just an occasional user) struts can ony take
on responsibility for basic common functionality of webapps - beyond that
requirements for different users diverge. It's a mistake for it to take on too
much. Also it's new & evolving - maybe next year...

--- Struts Newsgroup <[EMAIL PROTECTED]> wrote:
> Subject: Architecture Questions - Session Management and Validation
> From: "Arthur Frankel" <[EMAIL PROTECTED]>
>  ===
> I am new to Struts and have the following questions that I have been unable
> to answer from FAQs and documentation:
> 
> 1) Session Management - I want to limit the information stored in your
> session between pages.  I am planning on using request.setAttribute for
> information I just need to display in the JSP and session.setAttribute for
> items I need across multiple pages.  Is there any mechanism in Struts (i.e.,
> XML based) that can remove items from the session based on properties of a
> page.  For example, in moving across a 5 page creation "wizard" I would like
> to remove the items from the session after the "save".  There doesn't seem
> to be a way in Struts to set the XML in such a way to "automatically" do
> this.  It seems that I would need to add code specifically to my Action.  Is
> this correct? Am I missing something?
> 
> 2) Validation - I am using the struts validator -
> http://home.earthlink.net/~dwinterfeldt/ and find that it doesn't support
> errors vs. warnings vs. informational text.  Is there something that I'm
> missing here?
> 
> Thanks in advance
> Arthur Frankel
> [EMAIL PROTECTED]
> 
> 
> 
> --
> To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
> 


=
~~
Search the archive:-
http://www.mail-archive.com/struts-user%40jakarta.apache.org/
~~
Keith Bacon - Looking for struts work - South-East UK.
phone UK 07960 011275

__
Do You Yahoo!?
Yahoo! Sports - live college hoops coverage
http://sports.yahoo.com/

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: Problem with session management using Struts 1.0

2003-06-12 Thread Tillin, Dan

Have you set your action to be in session scope in struts-config.xml? I suspect doing 
this would mean Struts
would create the session for you.

-Original Message-
From: Gilbert Tan [mailto:[EMAIL PROTECTED]
Sent: 12 June 2003 07:11
To: [EMAIL PROTECTED]
Subject: Problem with session management using Struts 1.0

Hi,

I am new to Struts framework.
I am encountering the following problem with the session management.
Whenever my Action starts, I will check for the existence of a session
object using the following code:
HttpSession session = request.getSession(false);
If the session object is null, I will redirect the user to the login
page.
But the code is not working as expected. The session object that is
returned is always not null.
I am tried the same code using a normal servlet and it works as
expected.
Does anybody knows why?
Thanks.

Gilbert Tan

Security Software Engineer

DID: 65 - 6887 7540

RadianTrust Pte Ltd 

31 Science Park Road, The Crimson, Level 1, Singapore 117611

Main Tel: 65 - 6887 7999  

Main Fax: 65 - 6887 7800

Visit us at www.radiantrust.com <http://www.radiantrust.com/> 

NOTICE
This eMail and any attachments are intended solely for the named
addressee(s) only. It contains confidential and/or privileged
information which should not be copied or disclosed without the consent
of the CrimsonLogic group.  If you are not the intended recipient or if
you have received this eMail in error, you must not copy, distribute,
disclose or take any action in reliance on it (or any part of its
contents).  In such case, you should inform the CrimsonLogic group
immediately by eMail or telephone +65 68877888 (reverse charges if
necessary) and delete this eMail and any attachments from your system.

The integrity and security of Internet communications and in particular
this eMail and any attachments cannot be guaranteed.  The CrimsonLogic
group accepts no liability whatsoever in connection therewith.  You are
strongly advised to carry out all necessary virus checks and that you
open this eMail and any attachments at your own risk.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

56 matches

Mail list logo